#8 Client netfilter correction

Kernel (3)

Philip Craig of SnapGear has posted his correction of
the existing PPTP connection tracking netfilter patch. See


for the latest to date patch and


for his explanation of the problem.

I attached the "cumulative" patch against the pristine
Linux 2.4.20 kernel that will add the PPTP connection
tracking modules necessary on the client-side firewall
when internal machines connect to the same external server.

Note that your PPTP server will have to generate
different Call ID numbers in order for the PPTP modules
on the client firewall to identify different workstations'
tunnels. See the poptop patch in the bug report 648880:


I think that no PPTP tracking is required when clients
connect to different external servers because TCP and
GRE replies will carry different source IP addresses
and this will allow netfilter to identify the appropriate
client workstation.
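
The Call ID requirement described above, as an added example that is not part of the original post or of the netfilter patch: a simplified model of a masquerading firewall that keys GRE tunnels on (server IP, Call ID) taken from the enhanced GRE header (RFC 2637). The `GreTracker` class, the helper names and all addresses are hypothetical.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # PPP carried in enhanced GRE (RFC 2637)

def parse_call_id(gre: bytes) -> int:
    """Return the Call ID from an enhanced GRE (version 1) header."""
    if len(gre) < 8:
        raise ValueError("short GRE header")
    flags, ver, proto, _payload_len, call_id = struct.unpack("!BBHHH", gre[:8])
    # K (key present) must be set, version must be 1, protocol must be PPP.
    if not flags & 0x20 or (ver & 0x07) != 1 or proto != PPTP_GRE_PROTO:
        raise ValueError("not PPTP enhanced GRE")
    return call_id

class GreTracker:
    """Toy model of the firewall's GRE table (not netfilter's own code)."""
    def __init__(self):
        # After masquerading every workstation shares one source IP, so only
        # the server IP and the Call ID in the GRE key distinguish tunnels.
        self.tunnels = {}  # (server_ip, call_id) -> internal workstation IP

    def outbound(self, workstation: str, server: str, gre: bytes) -> bool:
        """Track a client->server GRE packet; False means the key clashes."""
        # Packets toward the server carry the Call ID the server assigned.
        key = (server, parse_call_id(gre))
        owner = self.tunnels.setdefault(key, workstation)
        return owner == workstation

def gre_packet(call_id: int, seq: int = 1) -> bytes:
    """Constructed sample: K and S flags set, version 1, empty payload."""
    return struct.pack("!BBHHHI", 0x30, 0x01, PPTP_GRE_PROTO, 0, call_id, seq)

def demo(call_id_a: int, call_id_b: int, server_b: str = "203.0.113.5"):
    """Two workstations behind one firewall; returns (a_ok, b_ok)."""
    fw = GreTracker()
    a = fw.outbound("192.168.1.10", "203.0.113.5", gre_packet(call_id_a))
    b = fw.outbound("192.168.1.11", server_b, gre_packet(call_id_b))
    return a, b

if __name__ == "__main__":
    print("same server, same Call ID:      ", demo(0, 0))
    print("same server, distinct Call IDs: ", demo(1, 2))
    print("different servers, same Call ID:", demo(0, 0, "198.51.100.7"))
```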


  • Ilguiz Latypov

    Ilguiz Latypov - 2002-12-15

    A patch against Linux 2.4.20

  • Ilguiz Latypov

    Ilguiz Latypov - 2003-02-10

    This cumulative patch is now outdated. It seems Philip
    Craig's corrections were incorporated into the netfilter
    patch-o-matic. Some extra changes were posted by Philip
    and adopted into patch-o-matic as well.

